Domain Security Reports

Search our database of flagged domains. Check if a website is a scam, phishing, or legitimate.

Total Tracked

CRITICAL THREAT

Fake Uniswap Phishing: How Scammers Clone the #1 DEX

Uniswap is the largest decentralized exchange (DEX) by trading volume, making it a prime target for phishing attacks. Scammers create convincing clones of the Uniswap interface at app.uniswap.org to steal funds through fake token swaps and malicious wallet approvals. PhishDestroy tracks 212+ domains impersonating Uniswap.

409

Domains Detected

CRITICAL

Threat Level

How This Attack Works

Fake Uniswap sites exploit the complexity of DeFi interactions. Since users are accustomed to connecting wallets and approving transactions on Uniswap, phishing sites seamlessly blend malicious approvals into the expected workflow.

STEP 1

Clone the Uniswap Interface

Attackers create pixel-perfect copies of the Uniswap swap interface, often hosted on typosquatted domains like uniswap-app.com, uniiswap.org, or uniswap.exchange.

STEP 2

Drive Traffic via Ads & SEO

Fake sites are promoted through Google/Bing ads for "Uniswap" keywords, poisoned search results, Telegram groups, and fake social media accounts promoting "exclusive token listings."

STEP 3

Prompt Wallet Connection

The cloned interface asks users to connect MetaMask, WalletConnect, or Coinbase Wallet — identical to the real Uniswap flow, making it nearly indistinguishable.

STEP 4

Execute Malicious Approvals

When the user attempts a "swap," the site submits a malicious token approval (approve/increaseAllowance for unlimited amounts) instead of a legitimate swap transaction, granting the attacker access to all tokens of that type.

Technical Analysis

Real Cases

Uniswap Google Ads Campaign (2024)

$4.7M+ drained stolen

Multiple fake Uniswap sites ran as Google Ads above legitimate results. Users who clicked the ad instead of navigating directly had their wallets drained through malicious token approvals.

Fake Uniswap Airdrop (2023)

$2M+ in losses stolen

A massive phishing campaign distributed fake "UNI token airdrop" links through Telegram, Twitter, and Discord. The claim page drained wallets of users who connected to receive the non-existent airdrop.

Uniswap V4 Launch Scam (2024)

Thousands affected stolen

Scammers exploited Uniswap V4 launch hype by creating fake "early access" and "migration" sites, tricking users into approving token transfers to attacker wallets.

How to Detect

URL is NOT app.uniswap.org — any other domain is fake (check carefully for typosquats)

Reached the site through an ad, email, or DM instead of navigating directly

Token approval request for unlimited amount or unfamiliar contract address

Asks for seed phrase or private key — Uniswap never requests these

Promotes "exclusive" tokens, "guaranteed returns," or urgent "migration" requirements

How to Protect Yourself

1 Always navigate directly to app.uniswap.org — bookmark it and never use search ads

2 Verify the contract address of any token approval before signing (check on Etherscan)

3 Use a hardware wallet (Ledger/Trezor) which shows transaction details on the device screen

4 Regularly review and revoke unnecessary token approvals at revoke.cash

5 Check suspicious Uniswap domains on PhishDestroy before connecting any wallet

Frequently Asked Questions

What is Fake Uniswap Phishing?

Scammers create clones of the Uniswap decentralized exchange interface on fake domains. When users connect their wallets and try to swap tokens, the site executes malicious token approvals instead, giving attackers access to drain the user's tokens.

How many fake Uniswap domains exist?

PhishDestroy tracks 212+ domains impersonating Uniswap, including typosquats (un1swap, uniiswap), extended domains (uniswap-exchange, uniswap-defi), and completely unrelated domains hosting cloned Uniswap interfaces.

What is the official Uniswap website?

The only official Uniswap interface is at app.uniswap.org. The official website is uniswap.org. Any other domain claiming to be Uniswap is fraudulent. Always verify the URL before connecting your wallet.

What if I used a fake Uniswap site?

Immediately: 1) Check your token approvals at revoke.cash and revoke any suspicious ones, 2) Transfer remaining funds to a new wallet, 3) Check transaction history on Etherscan for unauthorized transfers, 4) Report the fake domain to PhishDestroy.

Data sourced from PhishDestroy threat intelligence database — 409 domains tracked for this threat type

Uniswap — Threat Intelligence Brand Active Threat

409

Domains

Alive

316

Taken Down

8.1

Avg VT

17.4%

Alive Rate

93.4%